Macworld Feature: Keeping the iPad secure

The iPad has great tools for keeping your data safe

The iPad is one of the safest computing devices you can use. Its combination of hardware and software security gives you a device that’s probably more secure than your Mac or PC – especially if you take all the right steps to secure it.

As there are currently no known remote attacks against iPads, the biggest security risk is physically losing the device. Therefore, the first step is to make sure your tablet’s data is safe in case it gets lost or stolen. For that, we’d suggest a combination of encryption and remote wiping.

Passcodes and encryption

By default, iPads encrypt the data stored on them. You can encrypt email messages and attachments as well by turning on data protection. To do so, go to Settings > General > Passcode Lock and then enter a four-digit code twice. If you want to be extra safe, turn off the Simple Passcode option on that same page; you can then use longer codes. While you’re there, set Require Passcode for no more than 15 minutes and turn on Erase Data.

Data on your iPad is encrypted by default; if you turn on Require Passcode, email and attachments will be too

You can make those passcodes even more powerful by downloading and launching Apple’s (poorly named) iPhone Configuration Utility. Designed for enterprise IT managers, it provides a number of additional security and business settings.

To start, click Configuration Profile > New, and select Passcode from the list. You’ll now have lots of options. At the very least, specify a minimum length for the passcode.

To activate these password settings, fill in a name and identifier for your new profile on the General tab. If nobody else uses the iPad, set the Security drop-down menu to Always; if you’re configuring an iPad for someone else and don’t want them to change settings without your permission, set it for Never or With Authorization (and then provide a password).

When the profile is set, click Share to send it in an email message to your iPad. On the tablet, open Mail, find the message, tap its attachment, and select Install.
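A configuration profile is a property-list file, so you can check one before installing it. The Python sketch below is an added example, not part of the original article or of Apple's utility: it audits an unsigned profile's passcode payload against the settings recommended above. The sample profile, its identifiers and the six-character floor are assumptions made for illustration.

```python
import plistlib

# Constructed sample: an unsigned profile with one passcode payload.
# Key names follow Apple's configuration profile format; values are made up.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.ipad.passcode",  # placeholder
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadDisplayName": "iPad passcode policy",
    "PayloadContent": [{
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.ipad.passcode.policy",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "forcePIN": True,
        "allowSimple": True,   # weak: repeated or sequential codes allowed
        "minLength": 4,
        "maxGracePeriod": 60,  # minutes before the passcode is asked for again
    }],
})

MIN_LENGTH = 6          # assumption: this audit's own floor, not from the article
MAX_GRACE_MINUTES = 15  # the article's "no more than 15 minutes"
POLICY_TYPE = "com.apple.mobiledevice.passwordpolicy"


def audit_passcode_profile(data):
    """Return a list of findings for the passcode payloads in a profile."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == POLICY_TYPE]
    if not payloads:
        return ["no passcode payload in profile"]
    findings = []
    for p in payloads:
        if not p.get("forcePIN", False):
            findings.append("passcode not required (forcePIN)")
        if p.get("allowSimple", True):
            findings.append("simple passcodes allowed (allowSimple)")
        if p.get("minLength", 0) < MIN_LENGTH:
            findings.append(f"minLength below {MIN_LENGTH}")
        grace = p.get("maxGracePeriod")
        if grace is None or grace > MAX_GRACE_MINUTES:
            findings.append(
                f"grace period not capped at {MAX_GRACE_MINUTES} min (maxGracePeriod)")
        if "maxFailedAttempts" not in p:
            findings.append("no erase-after-failed-attempts limit (maxFailedAttempts)")
    return findings
```

A signed profile is wrapped in a signature envelope and will not parse this way, so run the check on the unsigned export.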

Remote wipe

Remote wiping allows you to delete the data on a lost or stolen iPad when it connects to the internet. If you have a MobileMe account, you can set this up by enabling Find My iPad in Settings > Mail, Contacts, Calendars > MobileMe.

Business users who connect to a Microsoft Exchange server (or alternatives, such as Kerio Connect) can use Exchange ActiveSync support to wipe their devices. This is managed on the server, not on your device, so you’ll need to work with your IT administrator.

In use

There are also things you can do in daily use to make your iPad more secure. One of the best is to use a VPN.

Another way is to use secure connections for email. Properly configured Microsoft Exchange servers encrypt data by default. If you use an IMAP or POP3 server, and it supports SSL, you can go to Settings > Mail, Contacts, Calendars > youraccountname > Advanced on your iPad and enable it there.

Although data protection encrypts your email attachments, the moment you send them off to an app such as Pages, they are protected by the iPad’s basic encryption only. If you’re really worried about such documents, you can use a special secure email server tool like Good for Enterprise (www.good.com) and its free companion iPad app. Good for Enterprise locks encrypted email attachments (and any files downloaded from its secure browser) inside the app, which means that you can read them, but not edit them.

If you do lose your iPad, one of the first things you should do is change your password and deauthorise the device for any services – such as Dropbox or iDisk – that you used for connecting to it.

Finally, consider getting the 1Password Pro app (£8.99; www.agilewebsolutions.com). This app enables good password habits (requiring a different, complex password for every site); it syncs with your Mac and other devices over the network or via Dropbox; and it stores secure notes and other information, including passwords. It even comes with its own web browser so you can log in to sites without having to copy and paste your credentials.